【WEEK13】 【DAY4】Shiro Part 4【English Version】

2024.5.23 Thursday

Continued from 【WEEK13】 【DAY3】Shiro Part 3【English Version】

Table of Contents

  • [15.6. Integrate Shiro with MyBatis](#15.6. Integrate Shiro with MyBatis)
    • [15.6.1. Modify pom.xml](#15.6.1. Modify pom.xml)
    • [15.6.2. Create application.yaml](#15.6.2. Create application.yaml)
    • [15.6.3. Connect to the database](#15.6.3. Connect to the database)
    • [15.6.4. Modify application.properties](#15.6.4. Modify application.properties)
    • [15.6.5. Create pojo folder and mapper folders (two places)](#15.6.5. Create pojo folder and mapper folders (two places))
      • [15.6.5.1. Create User.java](#15.6.5.1. Create User.java)
      • [15.6.5.2. Create UserMapper.java](#15.6.5.2. Create UserMapper.java)
      • [15.6.5.3. Create UserMapper.xml](#15.6.5.3. Create UserMapper.xml)
    • [15.6.6. Create service folder](#15.6.6. Create service folder)
      • [15.6.6.1. Create UserService.java](#15.6.6.1. Create UserService.java)
      • [15.6.6.2. Create UserServiceImpl.java](#15.6.6.2. Create UserServiceImpl.java)
      • [15.6.6.3. Unit Test](#15.6.6.3. Unit Test)
    • [15.6.7. Connect to a real database](#15.6.7. Connect to a real database)
      • [15.6.7.1. Modify UserRealm.java](#15.6.7.1. Modify UserRealm.java)
      • [15.6.7.2. Modify the User table](#15.6.7.2. Modify the User table)
      • [15.6.7.3. Restart ShiroSpringbootApplication.java](#15.6.7.3. Restart ShiroSpringbootApplication.java)
      • [15.6.7.4. Currently using general encryption](#15.6.7.4. Currently using general encryption)

15.6. Integrate Shiro with MyBatis

15.6.1. Modify pom.xml

Import 5 dependencies

xml 复制代码
<!--mysql-->
<dependency>
    <groupId>com.mysql</groupId>
    <artifactId>mysql-connector-j</artifactId>
</dependency>
<!--log4j-->
<dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
    <version>1.2.17</version>
</dependency>
<!--druid-->
<!-- https://mvnrepository.com/artifact/com.alibaba/druid -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.21</version>
</dependency>
<!--mybatis-->
<!-- https://mvnrepository.com/artifact/org.mybatis.spring.boot/mybatis-spring-boot-starter -->
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>2.2.2</version>
</dependency>
<!--lombok-->
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.16.20</version>
</dependency>

15.6.2. Create application.yaml

Use the YAML file configuration previously used, copy and paste it, and make some modifications at the end. At this point, all contents of application.properties can be commented out without affecting use.

yaml 复制代码
spring:
  datasource:
    username: root
    password: 123456
    # If there is a time zone error, add a time zone configuration and connect it with other configurations using &
    # For example: serverTimezone=UTC
    url: jdbc:mysql://localhost:3306/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
    driver-class-name: com.mysql.cj.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource

    # Spring Boot does not inject these attribute values by default, so you need to bind them yourself
    # Druid-specific configuration
    initialSize: 5
    minIdle: 5
    maxActive: 20
    maxWait: 60000
    timeBetweenEvictionRunsMillis: 60000
    minEvictableIdleTimeMillis: 300000
    validationQuery: SELECT 1 FROM DUAL
    testWhileIdle: true
    testOnBorrow: false
    testOnReturn: false
    poolPreparedStatements: true

    # Configure monitoring statistical interception filters: stat: statistical monitoring; log4j: log recording; wall: defense against SQL injection
    # If an error like java.lang.ClassNotFoundException: org.apache.log4j.Priority occurs
    # Import the log4j dependency, Maven address: https://mvnrepository.com/artifact/log4j/log4j
    filters: stat,wall,log4j
    maxPoolPreparedStatementPerConnectionSize: 20
    useGlobalDataSourceStat: true
    connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500

mybatis:
  # type-aliases-package: P40.pojo
  mapper-locations: classpath:mapper/*.xml
# Pay attention to the indentation of the three lines above, which directly determines whether there is an error

15.6.3. Connect to the database

A new mybatis database has been created

sql 复制代码
CREATE DATABASE `mybatis`;
USE `mybatis`;

CREATE TABLE `user`(
    `id` INT(20) NOT NULL,
    `name` VARCHAR(30) DEFAULT NULL,
    `pwd` VARCHAR(30) DEFAULT NULL,
    PRIMARY KEY(`id`)
)ENGINE=INNODB DEFAULT CHARSET=utf8;

INSERT INTO `user`(`id`,`name`,`pwd`) VALUES
(1,'zhangsan','123456'),
(2,'lisi','2345678'),
(3,'wangwu','3456789');

15.6.4. Modify application.properties

xml 复制代码
spring.application.name=shiro-springboot
#mybatis.type-aliases-package=P40.pojo
mybatis.mapper-locations=classpath:mapper/*.xml

Note here!!! The aliases starting from the second line cannot be used here (it will cause an error), so it should be commented out to run successfully!

15.6.5. Create pojo folder and mapper folders (two places)

15.6.5.1. Create User.java

java 复制代码
package com.P40.pojo;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
    private int id;
    private String name;
    private String pwd;
}

15.6.5.2. Create UserMapper.java

java 复制代码
package com.P40.mapper;

import com.P40.pojo.User;
import org.apache.ibatis.annotations.Mapper;
import org.springframework.stereotype.Repository;

@Repository
@Mapper// Whether this mapper is commented or not doesn't matter
public interface UserMapper {
    public User queryUserByName(String name);
}

15.6.5.3. Create UserMapper.xml

xml 复制代码
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.P40.mapper.UserMapper">
    <select id="queryUserByName" parameterType="String" resultType="com.P40.pojo.User">
        SELECT * FROM mybatis.user WHERE name = #{name}
    </select>
</mapper>

15.6.6. Create service folder

15.6.6.1. Create UserService.java

java 复制代码
package com.P40.service;

import com.P40.pojo.User;

public interface UserService {
    public User queryUserByName(String name);
}

15.6.6.2. Create UserServiceImpl.java

java 复制代码
package com.P40.service;

import com.P40.mapper.UserMapper;
import com.P40.pojo.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class UserServiceImpl implements UserService {
    @Autowired
    UserMapper userMapper;

    @Override
    public User queryUserByName(String name) {
        return userMapper.queryUserByName(name);
    }
}

15.6.6.3. Unit Test

Modify ShiroSpringbootApplicationTests.java

java 复制代码
package com.P40;

import com.P40.service.UserServiceImpl;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
class ShiroSpringbootApplicationTests {

    @Autowired
    UserServiceImpl userService;
    @Test
    void contextLoads() {
        System.out.println(userService.queryUserByName("lisi"));
    }

}

However, the test here cannot run 【Solved】Modified the yaml configuration file and UserMapper.xml file (the key is to remove the file aliases)

15.6.7. Connect to a real database

15.6.7.1. Modify UserRealm.java

java 复制代码
package com.P40.config;

import com.P40.pojo.User;
import com.P40.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;

// UserRealm is a bean
// Custom UserRealm, must inherit AuthorizingRealm method, and then implement methods (alt+insert)
public class UserRealm extends AuthorizingRealm {

    @Autowired
    UserService userService;

    // Authorization
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("do doGetAuthorizationInfo Authorization");
        return null;
    }

    // Authentication
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("do doGetAuthorizationInfo Authentication");

        // Username, password -- Data reading. The following two lines are the user data obtained by simulating connecting to the database in the early stage of programming
//        String name = "root";
//        String password = "1";

        UsernamePasswordToken userToken = (UsernamePasswordToken) authenticationToken;

//        if (!userToken.getUsername().equals(name)){
//            return null;    //Throw UnknownAccountException exception (automatically)
//        }

        // Change to connect to a real database
        User user = userService.queryUserByName(userToken.getUsername());
        if(user == null){   // This user does not exist
            return null;    // UnknownAccountException
        }

        // Password authentication, Shiro operation
//        return new SimpleAuthenticationInfo("",password,"");
        return new SimpleAuthenticationInfo("",user.getPwd(),"");
    }
}

15.6.7.2. Modify the User table

Add a new row of data

15.6.7.3. Restart ShiroSpringbootApplication.java

http://localhost:8080/toLogin

Login test according to the username and password in the User table

Login successful

Directly change the username in the URL to root, since the password is also 123456, the login status can be maintained:

If changing the username to lisi, because the password for lisi is 2345678, it shows password error and cannot log in:

Trying to log in with wangwu's account, but entering the wrong username, it shows username error and cannot log in either:

15.6.7.4. Currently using general encryption

CredentialsMatcher.java

Set breakpoints in MyController.java to check the execution process

Or set breakpoints in UserRealm.java

At this point, the password entered by the user on the web page is not encrypted in CredentialsMatcher, so the password appears explicitly in the URL (plaintext password).

Click the green "I" in the left sidebar to expand ten encryption methods, among which the default is SimpleCredentialsMatcher.

In practical use, MD5 encryption results in the same ciphertext for the same plaintext password, a more secure method is MD5 salt encryption (the username is also appended to the end of the password encrypted with MD5).

相关推荐
Java水解5 分钟前
详细分析SpringBootTest中的测试类(附Demo)
spring boot·后端
WMSmile7 分钟前
Maven下载aspose依赖失败的解决方法
java·maven
Python私教10 分钟前
Rust:安全与性能兼得的现代系统编程语言
java·安全·rust
2401_8979300613 分钟前
Maven 使用教程
java·maven
PXM的算法星球24 分钟前
【Java后端】MyBatis 与 MyBatis-Plus 如何防止 SQL 注入?从原理到实战
java·sql·mybatis
zh_xuan28 分钟前
java Optional
java·开发语言
程序员韩立34 分钟前
现代全栈开发:Next.js与Node.js实战指南
前端·后端
异常君35 分钟前
MySQL 查询优化:JOIN 操作背后的性能代价与更优选择
后端·mysql·性能优化
阿杜杜不是阿木木36 分钟前
03.使用spring-ai玩转MCP
java·人工智能·spring boot·spring·mcp·spring-ai
用户34140819912537 分钟前
网络基础架构(一):sk_ buff与net _device
后端